In a candid conversation between Mark Ryan, Head of IT at CityJet, and ROCTEL CEO Cormac Reid, the two leaders unpacked the evolving cybersecurity landscape in regional aviation. What emerged wasn’t a product pitch but a grounded, real-world discussion about operational resilience, cultural transformation, and the human side of cybersecurity.
Aviation’s Unique IT Footprint
CityJet operates under wet-lease contracts, primarily serving SAS across short-haul European routes. “Our passenger-facing tech stack is SAS-owned,” explained Mark. “We authenticate to their systems for boarding and off-boarding, and that’s it. Our data responsibilities are concentrated on our people and our operational backbone.”
This lean model simplifies GDPR obligations and digital touchpoints, but it doesn’t reduce the need for robust infrastructure. When Mark joined CityJet three years ago, the IT environment needed a refresh. “We moved from CapEx to OpEx — hybrid infrastructure, backup, and DR-as-a-Service with IBM. Suddenly, we could show business units what duplicated data costs. The conversation shifted from ‘IT is expensive’ to ‘data discipline saves money.’”
Cybersecurity Starts with Culture
“Culture is always the hardest patch to pave — and it’s where attackers tend to start,” noted Cormac.
Both leaders agreed: technology alone isn’t enough. “Cybersecurity in a regulated environment is fundamentally about human factors,” said Mark. At CityJet, that means running quarterly phishing simulations with graduated consequences. “If someone submits credentials, it triggers an account lockdown and a day of classroom retraining.”
The company also restricts USB access by default. “In hybrid work, external devices can easily find their way into corporate machines. Our job is to make the secure path the easy one,” Mark explained. That includes using OneDrive links instead of thumb drives, guest upload portals in place of ad-hoc sharing, and enforcing simple, opinionated defaults that guide users toward safer habits.
Low-Tech Solutions to High-Tech Threats
The conversation turned to social engineering, where even the best processes can be undone by a convincing voice or video. “We’re seeing a return to low-tech solutions,” said Mark. “Code words for high-value transfers, for instance. Unfashionable, but hard to spoof.”
He emphasized the shift from “if we’re breached” to “when we’re breached.” The real question becomes: “How fast do you contain, and how cleanly do you recover?”
Cormac shared contrasting ransomware cases: one client paid and recovered quickly, the other didn’t and faced weeks of downtime. Mark cautioned that while paying may restore access, long-term trust and data security remain at risk, especially with threats like “harvest-now, decrypt-later.” The key, he said, lies in fundamentals: segmented systems, immutable backups, practiced recovery drills, and clear decision thresholds.
Automation, AI & Latency Intelligence
Looking ahead, both ROCTEL and CityJet are leaning into automation and AI as strategic enablers. “We’re launching our HyperCloud platform next month,” said Cormac, “focused on latency intelligence — mapping least-cost, least-latency routes across 14 different cities.” He’s excited to officially announce HyperCloud at Web Summit in Lisbon, where ROCTEL will showcase how AI-driven network intelligence is reshaping enterprise connectivity.
Mark echoed the vision: “The next three years are about disciplined automation and sweating what we already own.” CityJet is unlocking untapped value in its Microsoft 365 E5 stack, using Power BI, Power Automate, and Defender to drive smarter operations. Both companies are focused on using AI not as hype, but as a practical advantage to streamline performance, reduce risk, and empower people to do more with less friction.
Resilience by Design
Mark’s closing advice for CIOs in time-sensitive industries was refreshingly practical:
Cormac added two more:
As Mark summed it up: “A certificate won’t stop an attack, but a prepared team will stop the blast radius. That’s where ‘cheap and cheerful’ meets ‘safe and smart.’”
Key Takeaways
This conversation between CityJet and ROCTEL highlights a shared philosophy: cyber resilience is not just about technology, it’s about culture, clarity, and continuous improvement. From phishing simulations and USB restrictions to disciplined automation, both companies are building systems that are secure by design and agile by default.
The future of aviation IT lies in:
Whether you're managing a fleet or a network, the message is clear: resilience is built, not bought, and it starts with knowing your risks, rehearsing your responses, and making the secure path the easy one.
Ready to Build Resilience Into Your Network?
👉 Book A Discovery Meeting Here
📍 Meet Us at Web Summit Lisbon Nov. 10-13th
We’re excited to showcase HyperCloud, a next-generation SD-WAN platform for latency-aware, AI-driven connectivity across global enterprise networks at Web Summit Lisbon on Wednesday, 12th of Nov.
If you’re attending, visit our stand to discover how HyperCloud is redefining performance, resilience, and intelligent routing, built to keep your organisation protected, connected, and future-ready in today’s evolving cybersecurity landscape.
Stay connected: follow ROCTEL on LinkedIn and X (Twitter) for the latest updates, insights, and event invitations.
#CityJet #Cybersecurity #CybersecuritySummit25 #Dublin #ITLeaders #Interview #ROCTEL #Cisco #Tech #Innovation #News #Aviation
*Editor’s Note: This conversation was recorded on 8 October 2025. CityJet and ROCTEL reviewed the text for factual accuracy prior to publication.
